5e327bbd57e25e98b6d47706e67e446150c0287ca063b3d99cd661deee471627

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 20:07

Target

013b0782436d86b0eaeb8b05fb5ac420N.dll
Size

6KB
MD5

013b0782436d86b0eaeb8b05fb5ac420
SHA1

60d1208f67ae4b0283938a06719b0a5b359f0205
SHA256

5e327bbd57e25e98b6d47706e67e446150c0287ca063b3d99cd661deee471627
SHA512

407e2e255781c41c69830daf40e7376793a76a18c1391a015001be3b876551310e03b61b2359c4ffc7c4b170d1cf3061a278aff71993b266b4c436bca42a6ad1
SSDEEP

96:nEY2RrF1eqwi4JTFO9C45AQwVOyr21FtF8bo3gCmBrZ+GdLNUI:EHRh1epp1FOg4m/riZbuNU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 4784	5016	rundll32.exe	83
PID 5016 wrote to memory of 4784	5016	rundll32.exe	83
PID 5016 wrote to memory of 4784	5016	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\013b0782436d86b0eaeb8b05fb5ac420N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\013b0782436d86b0eaeb8b05fb5ac420N.dll,#1
  2⤵
  PID:4784